Following my recent issues with Netgear SC101 drivers and NOD32 I got an interesting suggestion from NOD32 support - switch of the IMON module and see if that cures your problem. I tried it and no more problems but I was worried that by turning off IMON I was leaving a security hole in my AV solution ... here is their response to my concerns ...

Quote

The next version of NOD32 will be sans IMON. It's being totally eliminated from the program for this very reason.

In 1992, when NOD32 was introduced, very few programs operated at the winsock level. Today, in addition to Google and Microsoft, 100's of other developers are creating software in this manner. That would be fine, except for the fact that any app that operates here, needs the top spot in the stack, and only one program can have it.

As it is now, it can't be enabled at all, on a server.

IMON was just the first layer of defense, a supplement. The strengths of NOD32 are AMON, which scans every file that performs an action, as it performs that action, and the advanced heuristics which is stopping 90+ % of all new threats, before a definition is even written.

By quitting IMON now, you'll not only allow both programs to operate together, but you'll also lose no coverage.

Thank you,Eset Tech Support

So there you have it - IMON does nothing useful so you may as well switch it off and forget it (and save a few CPU cycles presumably in the process) !!

I dunno about their claim that "it doesn't really achieve anything"...

I don't really know how they implement the stuff, but a filter driver could detect an incoming buffer overflow (or other exploit) attempt before it activates. Keep in mind that you don't necessarily need to write anything to disk - there's been at least a couple of worms that only ever lived in memory.

As I understand HTTP scanning the one and only unique feature is drive by protection where code is executed in memory - or through browser exploits perhaps. As soon as good old files are involved default module kicks in. More or less the same for email filter though such a thing often does a lot more than just look at attachments/files. Free Avira is doing quite well without any of these.

Sounds like a bad excuse from someone who aims at optimal protection. Could be disabled by default perhaps.